These release notes describe new features and significant software components for the Cisco 3200 Series Mobile Access Router that support the Cisco IOS Release 12.2(15)T, up to and including Release 12.2(15)JK5. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.2Tlocated on Cisco.com.

Hardware Supported

For descriptions of existing hardware features and supported modules, see the configuration guides and additional documents specific to the Cisco 3200 Series Mobile Access Router, which are available on Cisco.com at the following location:

Determining the Software Version

To determine which version of Cisco IOS software is currently running on your Cisco 3200 series WMIC, log in to the WMIC and enter the show version EXEC command. The following sample output from the show version command indicates the version number.

Upgrading to a New Software Release

Feature Set Tables

The Cisco IOS software is packaged in feature sets consisting of software images, depending on the platform. Each feature set contains a specific set of Cisco IOS features. Release 12.2(15)JK supports the same feature sets as Releases 12.2 and 12.2(15)T, but Release 12.2(15)JK includes new features supported by the Cisco 3200 Series Mobile Access Router. Release 12.2(15)JK5 is a rebuild of Release 12.2(15)JK and includes only bug fixes, it does not include any new features.

Caution The Cisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States will likely require an export license. Customer orders can be denied or subject to delay as a result of United States government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Table 2 lists the features and feature sets supported in Release 12.2(15)JK5.

The table uses the following conventions:

•In—The number in the "In" column indicates the Cisco IOS release in which the feature was introduced. For example, "12.2(15)JK" indicates that the feature was introduced in 12.2(15)JK. If a cell in this column is empty, the feature was included in a previous release or in the initial base release.

•Yes—The feature is supported in the software image.

•No—The feature is not supported in the software image.

Note This feature set table contains only a list of selected features, which are cumulative for Release 12.2(15)nn early deployment releases only (nn identifies each early deployment release). The table does not list all features in each image; additional features are listed in Cross-Platform Release Notes for Cisco IOS Release 12.2(15)Tandin Release 12.2(15)T Cisco IOS documentation.

Table 2 Feature List by Feature Set for the Cisco 3200 Series Mobile Access Router

New Hardware Features in Release 12.2(15)JK

The following sections describe the new hardware features supported by the Cisco 3200 Series Mobile Access Router for Release 12.2(15)JK.

Cisco 3201 Wireless Mobile Interface Card

The Cisco 3201 Wireless Mobile Interface Card (WMIC) is a mobile interface card (MIC) in a standard PC/104-Plus form factor. It is one component of the Cisco 3200 Series Mobile Access Router and provides an 802.11g wireless interface.

The Cisco 3201 WMIC can be configured as an

•802.11g wireless access point

•802.11g wireless root bridge

•802.11g wireless work group bridge

•802.11g wireless non-root bridge without clients.

The Cisco 3201 WMIC connects to the Cisco 3200 Series router through the 10/100 Fast Ethernet interface.

The key features of the Cisco 3201 WMIC include the following:

•One autosensing switched 10/100 Fast Ethernet interface.

New Software Features in Release 12.2(15)T

For information regarding the features supported in Cisco IOS Release 12.2(15)T, refer to the Cross-Platform Release Notes and New Feature Documentation links at the following location on Cisco.com:

•CSCed79373—Drop rate is not updated by the show policy-map interface d0 command.

•CSCee15368—IAPP lost for WGB to Cisco Aironet 1100 access point while configuring LEAP.

Caveats

Caveats describe unexpected behavior or defects in the Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Release 12.2(15)T are also in Release 12.2(15)JK. For information on caveats in Cisco IOS Release 12.2(15)T, refer to the Caveats for Cisco IOS Release 12.2(15)T document. This document lists severity 1 and 2 caveats; the documents is located on Cisco.com.

Resolved Caveats - Release 12.2(15)JK5

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

Symptoms: An IP packet that is sent with an invalid IP checksum may not be dropped.

Conditions: This symptom is observed if the IP checksum is calculated with a decreased time-to-live (TTL) value. For example, in the situation where the IP checksum must be 0x1134 with a TTL of 3, if the packet is sent with an IP checksum of 0x1234 that is calculated by using a TTL value of 2, the packet is not dropped. In all other cases, packets with incorrect checksums are dropped.

Workaround: There is no workaround.

•CSCeb88239

Symptoms: A router that runs RIPng may crash after receiving a malformed RIPng packet, causing a Denial of Service (DoS) on the device.

Conditions: This symptom is observed when the ipv6 debug rip command is enabled on the router. Malformed packets can normally be sent locally. However, when the ipv6 debug rip command is enabled, the crash can also be triggered remotely. Note that RIP for IPv4 is not affected by this vulnerability.

Workaround: There is no workaround.

•CSCee45312

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

More details can be found in the security advisory which posted at the following URL:

Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.

Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.

•CSCsa52807

A document titled "ICMP Attacks Against TCP," which describes how the Internet Control Message Protocol (ICMP) could be used to perform Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP), has been made publicly available through the Internet Engineering Task Force (IETF) Internet Draft process (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which affect only sessions terminating or originating on a device itself, can be of three types:

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. There are also workarounds available to mitigate the effects. More details can be found in the security advisory at the following URL:

Resolved Caveats - Release 12.2(15)JK4

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

Resolved Caveats - Release 12.2(15)JK2

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

•CSCee67450

A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.

The show tech command on Cisco 3201 WMIC does not print the "show flash: all" information.

•CSCed89520—Up to 12 sec needed for ping to pass after roaming.

When roaming back and forth from one access point to another access point, it sometime takes up to 12 sec for download traffic, for WGB client, to resume. The access point displays that the WGB is associated but traffic does not pass.

The download traffic is delayed to restart if there is no upload from WGB client after WGB associates to new access point.

When a WGB and its wired client associate to a Cisco 3201 WMIC configured as a root access point, after approximately 5 min, the wired client is no longer associated, as shown by the show dot11 associations command.

Workaround

Maintain some traffic going out from the wired client like keepalives or Mobile IP solicitations (if using Mobile IP) continuously being sent at regular time every intervals, where the time interval is less than 5 min. This will ensure the wired client is not timed out on the root access point.

When the BVI1 interface is fast configured between static and DHCP IP addresses, sometimes both processes (Exec and DHCP) try to get a semaphore to save the IP address on NVRAM. When one process gets the semaphore, it will still hold the semaphore if it cannot open the file system. At the same time if another process from console tries to get the same semaphore, then the console will be frozen.

Workaround

Do not configure the BVI1 interface continuously between static and DHCP IP addresses.

•CSCee35755—WGB 350 does not pass its IP address in Cisco Aironet Ext field in association request.

When VLAN is configured, after the association of a root bridge with two or more non-root bridges, ping from root bridge to non-root bridges fail. The ping will succeed once the non-root bridge entry gets aged and deleted from the root bridge table.

The guest-mode SSID is used in beacon frames and probe response frames to probe request that specify the empty or wildcard SSID. If no guest-mode SSID exists, the access point probe response to probe request of empty SSID still contains SSID.

•CSCee44432—When antenna are set to transmit, they will still receive.

When WMIC antennas are set in transmit or receive mode, they will continue to both transmit and receive.

When a WGB and its wired client associate to a WMIC configured as a root Access Point, after approximately 5 min, the wired client is no longer associated as reflected by the show dot11 associations command.

Workaround

Configure the outgoing traffic from the wired client like keepalives or Mobile IP solicitations (continuously being sent every interval, where the time interval is less than 5 min). This ensures the wired client is not timed out on the root access point.

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

•CSCed89520—Up to 12 sec needed for ping to pass after roaming.

When roaming back and forth from one access point to another access point, it sometime takes up to 12 sec for download traffic to resume for WGB client. The access point displays that the WGB is associated but traffic does not pass.

The download traffic is delayed to restart if there is no upload from WGB client after WGB associates to new access point.

Workaround

Configure SNMP link-state trap mechanism between MAR and WMIC.

•CSCed93298—Client does not pass its IP address in the Cisco Aironet Ext field in association request.

When doing a show dot11 associations command on the Cisco 3201 WMIC configured as a root access point, the IP address of any CB21AG client which is associated to the WMIC may be displayed as 0.0.0.0. After two or more minutes, the CB21AG client's IP address will be displayed correctly.

Workaround

Ping the CB21AG client from the Cisco 3201 WMIC, or vice-versa.

•CSCec16481

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

Related Documentation

The following sections describe the documentation available for the Cisco 3200 series routers. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, feature modules, and other documents.

Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. The Cisco IOS software documentation set is shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.

Documentation Modules

Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools.Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: